[Solved] "certificate verify failed" when bridging AWS IoT with a local Mosquitto MQTT broker

Question  Votes: 0  Answers: 1

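I have a Mosquitto MQTT broker on a local Raspberry Pi that works like a charm. I also created an MQTT broker on AWS IoT, which works as well.

On the Raspberry Pi, I can connect, publish and subscribe to the AWS broker "manually" using the mosquitto_pub and mosquitto_sub commands. When I do it manually, I use all the certificates and stuff. The command I use is: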

mosquitto_pub --cafile amazonCA1.pem --cert certificate.cert --key private.key -h XXXXXXXXXXXXXXXXXX.amazonaws.com -p 8883 -q 1 -d -t "iot/test" -m "testing message"

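So, I don't think the problem is with the certificates.

The problem is that when I change the configuration to use "bridge mode", I get the following messages in the mosquitto log: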

1584371971: Connecting bridge (step 1) awsiot (XXXXXXXXXXXXXXXXXXXXX.amazonaws.com:8883)
1584371972: Connecting bridge (step 2) awsiot (XXXXXXXXXXXXXXXXXXXXX.amazonaws.com:8883)
1584371972: Bridge bridgeawsiot sending CONNECT
1584371972: OpenSSL Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
1584371972: Socket error on client local.bridgeawsiot, disconnecting.
1584371977: Bridge local.bridgeawsiot doing local SUBSCRIBE on topic #

This is my mosquitto.conf:

pid_file /var/run/mosquitto.pid

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log
log_type all
#log_dest topic

log_type error
log_type warning
log_type notice
log_type information

connection_messages true
log_timestamp true

include_dir /etc/mosquitto/conf.d

password_file /etc/mosquitto/passwordfile
allow_anonymous false

This is my /etc/mosquitto/conf.d/bridge.conf:

connection awsiot
address XXXXXXXXXXXXXXXXXXXX.amazonaws.com:8883

# Specifying which topics are bridged
topic # both 1

# Setting protocol version explicitly
bridge_protocol_version mqttv311
bridge_insecure false

# Bridge connection name and MQTT client Id,
# enabling the connection automatically when the broker starts.
cleansession true
clientid bridgeawsiot

start_type automatic
notifications false
log_type all


# =================================================================
# Certificate based SSL/TLS support
# -----------------------------------------------------------------
#Path to the rootCA
bridge_cafile /home/pi/certs/amazonCA1.pem

# Path to the PEM encoded client certificate
bridge_certfile /home/pi/certs/certificate.cert

# Path to the PEM encoded client private key
bridge_keyfile /home/pi/certs/private.key

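So, in summary, the problem is: when I connect/publish/subscribe manually, everything works fine... but when I use the bridge conf file, I get the error: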

OpenSSL Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

Any suggestions? Is it a problem to use username/password authentication on my local broker (Raspberry Pi) and certificate authentication on AWS?

Thanks

amazon-web-services mqtt mosquitto bridge broker
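1 Answer
0
votes

OK, I don't know what I did, I only know that it solved the problem.

At first, I did a fresh install of mosquitto on an Ubuntu VM I have, and everything worked fine.

Then I uninstalled Mosquitto from the Raspberry Pi and installed it again. I configured it just like I configured the Ubuntu VM, and still no luck. I started to think the problem was with my Raspberry Pi image... but after making some changes to the configuration, moving the certificate files from one directory to another, changing permissions, changing the directory of the bridge.conf file and other things... it started working, and now it works.

So, if you run into this problem in the future: maybe it's just the permissions of the files or directories.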
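
One way to test the permissions hypothesis from the answer, as an added example that is not part of the original post: the script below reads the bridge_cafile, bridge_certfile and bridge_keyfile paths from a bridge config and reports the first directory or file on each path that a given account cannot search or read. It assumes the broker runs as a dedicated "mosquitto" account rather than as the user who ran mosquitto_pub, and it checks classic mode bits only (no ACLs or supplementary groups); the function names are hypothetical.

```python
import os
import pwd

# TLS directives copied from the bridge.conf shown in the question.
SAMPLE_CONF = """\
bridge_cafile /home/pi/certs/amazonCA1.pem
bridge_certfile /home/pi/certs/certificate.cert
bridge_keyfile /home/pi/certs/private.key
"""
BRIDGE_KEYS = ("bridge_cafile", "bridge_certfile", "bridge_keyfile")

def bridge_paths(conf_text):
    """Return {directive: path} for the bridge TLS file directives."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in BRIDGE_KEYS:
            found[parts[0]] = parts[1].strip()
    return found

def allowed(st, uid, gid, want):
    """Owner/group/other mode-bit check (ignores ACLs and supplementary groups)."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid == gid else 0
    return uid == 0 or bool((st.st_mode >> shift) & want)

def first_blocker(path, uid, gid):
    """Return the first component uid/gid cannot use (or that is missing), else None."""
    chain = [os.path.abspath(path)]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    # Every parent directory needs the search (x) bit; the file itself needs read (r).
    checks = [(d, 0o1) for d in reversed(chain[1:])] + [(chain[0], 0o4)]
    for comp, want in checks:
        try:
            st = os.stat(comp)
        except OSError:
            return comp
        if not allowed(st, uid, gid, want):
            return comp
    return None

if __name__ == "__main__":
    try:  # assumption: the broker runs as the "mosquitto" account
        user = pwd.getpwnam("mosquitto")
        uid, gid = user.pw_uid, user.pw_gid
    except KeyError:
        uid, gid = 65534, 65534  # constructed fallback: conventional "nobody" ids
    for key, path in bridge_paths(SAMPLE_CONF).items():
        print(key, path, "->", first_blocker(path, uid, gid) or "readable")
```

A reported component such as a home directory with mode 0700 means the certificates are fine but unreachable for the broker's account, which would fit a bridge failing while the same files work from an interactive shell.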
